This morning Arjan Beijer sent me an interesting link to a youtube video about obtaining the Citrix IMA Datastore password using Windbg.

The video shows a method, discovered by Denis Gundarev to obtain the IMA Datastore password. Basically he uses DSMaint.exe and set’s a breakpoint on the call to CryptUnprotectData and then reads the password from memory.

I tried to call the CryptUnprotectData API with the data read from the registry directly but this failed with error NTE_BAD_KEY_STATE, this is defined in winerror.h and it means “Key not valid for use in specified state”.

Read the rest of this entry »

Just a small post today: a small commandline utility that reads the “DefaultPassword” LSA secret.

This secret is stored in the registry under the SECURITY Hive:

Read the rest of this entry »

After figuring out how to encode and decode the Citrix passwords my next step for the upcoming Citrix Launcher is experiment with config.xml and authenticating to the Citrix Web Interface.

I imported the NFuse.dtd from the Citrix Web Interface into Delphi with the XML Data Binding Wizard. The results in an NFuse Unit so I can easily create the XML data.

To create an authentication packet I use the following code:

Read the rest of this entry »

I am working on a launcher tool for Citrix XenApp that can not only connect to a published application or published desktop but can also leverage Citrix Workspace Control to reconnect to disconnected and/or active sessions.

There doesn’t seem to be any sdk that exposed the data we need so I am trying to reproduce what the Citrix online plugi-in does.

I used a HTTP monitoring tool to capture the traffic between the Online plug-in and the Web Interface. First the online plug-in will retrieve the config.xml from the server specified via the Change Server option:

Read the rest of this entry »

For a research project I tried to install Windows NT 4 Terminal Server on VMWare Workstation (version 8).

The setup would always fail however with the following error:

Obviously the installation doesn’t really fail because of too little memory and neither is the installation disc (an iso file) corrupt, it’s a bug.

Read the rest of this entry »

I needed to dome some Bit Shifting in PowerShell but unfortunately PowerShell lacks operator for Bit Shifting. I searched the .NET Framework for anything that allows for bit shifting but was unable to find anything suitable.

I didn’t want to revert to C# so I implemented shift left and shift right functions in PowerShell.

The code isn’t really pretty and could probably be improved (comments/improvements are welcome!) but here goes (please note that I implemented for bit shifting a byte):

Read the rest of this entry »

A user reported that the following error while visiting a website on a Citrix XenApp server:

I tried adding the site to the Trusted Sites List and adding the url to the Per Site Privacy list:

But this didn’t work, but I noticed that the site was “flickering” a lot so I suspected that HDX Flash Acceleration was the problem.

Read the rest of this entry »

I needed to login as root on a Linux based virtual appliance to do some troubleshooting. In my case the appliance was running Suse Linux Enterprise.

I booted the VA using the Ubuntu Live CD and opened a Terminal. Then I used the cfdisk tool (sudo cfdisk /dev/sda) to view the partitions:

Read the rest of this entry »

If you want to Create an Active Directory group with PowerShell there are a few things you need to be aware of:

First of all there is no direct way to create new objects in Active Directory. You always need to bind to the Domain or an Organizational Unit and call the Create method.

Example:

However the group is not yet complete:

Read the rest of this entry »

When Launching a PowerShell script I noticed the following error: “AuthorizationManager check failed.“

This happens because either the Current User or the All Users PowerShell profile is empty.

Read the rest of this entry »